Secure Communication System: OpenSSL Compilation, Installation, and Certificate Generation

Source: Internet
Author: User
Tags: openssl, rsa, csr, certificate

1. Download, compile, install, and configure

Download the latest or stable version of OpenSSL from the official OpenSSL website (www.openssl.org) (this experiment uses openssl-1.0.1c) and decompress the package. Because the environment is Windows, after decompression open the Windows installation help file (INSTALL.W32) in the root directory and compile according to its instructions. Note that Perl must be installed for the build. This experiment uses VS2012, so select the VC compilation option. The directory chosen at compile time is c:\OpenSSL (the configure command is perl Configure VC-WIN32 --prefix=c:\OpenSSL), so the installation must be performed in this directory. The installation steps are as follows:

  • Create the "C:\OpenSSL" directory and, inside it, the "bin", "lib", "include", and "ssl" directories;
  • Copy the openssl.cnf file under the apps directory to the bin and ssl directories;
  • Copy openssl.exe, libeay32.dll, and ssleay32.dll under the out32dll directory to the bin directory;
  • Copy libeay32.lib and ssleay32.lib under the out32dll directory to the lib directory;
  • Copy the openssl directory under the inc32 directory to the include directory;
  • Copy the demoCA directory under the apps directory and the crypto directory under the root directory to the bin directory;
  • Because OpenSSL is also needed for programming, configure the development environment as well: copy the include directory under the inc32 directory to the include directory under the VC directory of VS2012, copy libeay32.lib and ssleay32.lib under the out32dll directory to the lib directory under the VC directory of VS2012, and copy libeay32.dll and ssleay32.dll to the system directory (c:\windows\system32).

2. Generate a certificate

Because the OpenSSL secure communication system requires certificates, prepare them before programming. Three certificates and two key files are required while the program runs: the CA certificate, the server certificate, the client certificate, the server key file, and the client key file. File names and extensions can be chosen freely, but the common ones are recommended. Go to the C:\OpenSSL\bin directory and execute the commands below to generate the certificates. The steps are as follows:

  • Generate the server's private key (key file) by executing the command
    openssl genrsa -des3 -out server.key 1024

    After the command executes successfully, the server.key file is generated in the bin directory.

  • Generate the server's CSR file
    openssl req -new -key server.key -out server.csr -config openssl.cnf

    After the command executes successfully, the server.csr file is generated in the bin directory.

  • Generate the client's key file
    openssl genrsa -des3 -out client.key 1024

    After the command executes successfully, the client.key file is generated in the bin directory.

  • Generate the client's CSR file
    openssl req -new -key client.key -out client.csr -config openssl.cnf

    After the command executes successfully, the client.csr file is generated in the bin directory.

  • Generate your own CA
    openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf

    After the command executes successfully, the ca.key and ca.crt files are generated in the bin directory.

  • Use the generated CA to sign the server CSR file and produce the server certificate
    openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

    After successful execution, the certificate file server.crt is generated.

  • Use the generated CA to sign the client CSR file and produce the client certificate
    openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

    After successful execution, the certificate file client.crt is generated.
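
The steps above, run non-interactively and followed by two checks the page does not show (chain verification against ca.crt and a key/certificate match), as an added example that is not part of the original page. The minimal openssl.cnf and demoCA layout, the subject names and the passphrase are constructed assumptions, and it uses 2048-bit RSA with -aes256 instead of the page's 1024-bit -des3 keys.

```shell
# Added example; subject names, passphrase and the config below are constructed.
PASS='pass:constructed-demo-passphrase'

write_config() {  # minimal stand-in for openssl.cnf and the demoCA directory
    mkdir -p demoCA/newcerts && : > demoCA/index.txt && echo 01 > demoCA/serial
    cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
}

issue() {  # $1 = server|client: encrypted key -> CSR -> certificate signed by the CA
    openssl genrsa -aes256 -passout "$PASS" -out "$1.key" 2048 2>/dev/null &&
    openssl req -new -key "$1.key" -passin "$PASS" -out "$1.csr" \
        -subj "/CN=$1.example.test" -config openssl.cnf &&
    openssl ca -batch -notext -in "$1.csr" -out "$1.crt" -cert ca.crt \
        -keyfile ca.key -passin "$PASS" -config openssl.cnf 2>/dev/null
}

key_matches_cert() {  # true if $1.key and $1.crt carry the same public key
    [ "$(openssl pkey -in "$1.key" -passin "$PASS" -pubout)" = \
      "$(openssl x509 -in "$1.crt" -noout -pubkey)" ]
}

build_and_check() {  # returns 0 only if every step and both checks succeed
    cd "$(mktemp -d)" && write_config &&
    openssl req -new -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -days 30 \
        -passout "$PASS" -subj "/CN=Constructed Test CA" -config openssl.cnf 2>/dev/null &&
    issue server && issue client &&
    openssl verify -CAfile ca.crt server.crt client.crt >/dev/null &&
    key_matches_cert server && key_matches_cert client
}
```

Calling build_and_check leaves the shell in a fresh temporary directory holding ca.crt, server.crt, server.key, client.crt and client.key.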

3. Certificate file description

Of the files produced by the certificate generation process above, only five are required by this secure communication system: ca.crt, client.crt, client.key, server.crt, and server.key. The client needs the ca.crt, client.crt, and client.key files. The server needs the ca.crt, server.crt, and server.key files.

In the actual program, a console program can use the key files as they are, because the key passphrase can be typed in when the certificate is checked. A form (GUI) program cannot prompt for a passphrase when checking and setting the certificate, so the certificate check fails. To use the certificates in a form program, remove the passphrase from the key file; the output file then holds the private key unencrypted. The command to remove the key file passphrase is:

openssl rsa -in server.key -out server.key
